U.S. agencies get help with security patches

[InfoSec News <isn () c4i org>]

http://www.infoworld.com/articles/hn/xml/03/01/24/030124hnuspatches.xml

By Grant Gross 
January 24, 2003 

WASHINGTON -- U.S. government agencies gained a new tool for fighting
computer vulnerabilities this week with the launch of a new service
that helps them find the security patches they need.

The Patch Authentication and Dissemination Capability (PADC) program
at the Federal Computer Incident Response Center (FedCIRC) is designed
to provide an easy-to-use, one-stop shop for federal IT security
administrators hunting through the "forest" of software patches
available, said Sallie McDonald, assistant commissioner with the U.S.  
Office of Information Assurance and Critical Infrastructure
Protection.

The free service, available to federal civilian agencies such as the
Department of the Interior, allows systems administrators to register
their IT equipment and then notifies them when relevant patches become
available. PADC tests the patches and also rank them by what it
considers their order of importance.

In the past, federal systems administrators had to search for patches
on their own, sometimes picking through hundreds of patches to find
what they needed.

"What we're hoping to do is make this an easier process for systems
administrators," McDonald said. "They'll only get notified of the
vulnerabilities they need to know about, and they'll see how
significant the patch is, so they'll know if they need to apply it
right away or if they can wait until next weekend."

About 13 major federal agencies had signed up for the service by the
launch Tuesday, she said. The next logical step would be to establish
a system that can scan agency servers for vulnerabilities, McDonald
said.

The security patch "clearinghouse" helps agencies satisfy the rules of
the Federal Information Security Management Act of 2002, passed in
December, which requires federal agencies have patch management
processes. The first draft of President George W. Bush's National
Strategy to Secure Cyberspace, released in September, suggests a
similar national clearinghouse should be set up to serve private
businesses.


 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.